TWiTIoT: This Week in The Internet of Things – Even More Fun with IoT Cyber(in)security!

Greetings, and welcome. This week, yet another new survey highlighting the lack of cybersecurity in business IoT deployments, and yet another IoT device vulnerability – 20, actually. As always, your thoughts, reactions, and suggestions welcome. Just send a quick email to medortch@dortchonit.com. And for more on the IoT and IIoT, check out “DortchOnIT’s Industrial Internet of Things (IIoT) Weekly.” Thanks.

Survey: Full Speed Ahead with IoT – but Without Cybersecurity

What Happened: A new survey of IT and security decision makers indicates that many are proceeding apace with IoT deployments, largely ignoring cybersecurity in the process.

As InfoSecurity Magazinereported, enterprise cybersecurity solutions vendor Trend Micro recently “polled 1150 IT and security decision-makers in the UK, Germany, the US, Japan and France.” Respondents’ companies are “spending an average of over $2.5m each year on IoT projects.”

“Responding organizations suffered an average of three attacks on connected devices over the past year.” Apparently, these were not enough to convince respondents that insecure IoT devices are serious vulnerabilities. “Even though 63% of respondents agreed that IoT-linked attacks have increased over the past year, just half (53%) think they’re a threat to their organization.”

This delusional thinking “might explain why over two-fifths (43%) regard IoT security as an afterthought, and just 38% get security teams involved in the implementation process for new projects. This drops even further for smart factory (32%), smart utility (31%) and wearable (30%) projects.”

What It Means: Knowing that IoT devices create significant cybersecurity risks is apparently not enough to convince IT and security decision makers to invest in defending against those risks.

As Threatpost reported, Cisco Talos researchers found 20 flaws in the Samsung controller. The device “supports a broad spectrum of third-party products- from Philips Hue smart lightbulbs, to Ring video doorbells, as well dozens more smart home products sold under the brands GE, Bose and Lutron.”

The vulnerabilities “’could be leveraged to give an attacker the ability to obtain access to [sensitive] information, monitor and control devices within the home, or otherwise perform unauthorized activities,’ researchers said in a report.”

Samsung has already released patches and a firmware advisory intended to address the vulnerabilities. “[R]esearchers recommended that users verify the updated version has actually been applied to devices to ensure that they are no longer vulnerable.”

What It Means: Even devices designed to help users consolidate and manage connections to multiple IoT devices are vulnerable to hackers and attackers. Unlike many IoT devices, hubs, routers, and controllers can be patched and have their software and firmware updated. But that does not guarantee that every patch and update will be created, released, tested, and implemented in time to defend against every attack.

Michael Dortch

As an IT industry analyst, consultant, journalist, and marketer, Michael Dortch has been translating bits and bytes into dollars and sense for four decades. His areas of expertise include strategic content planning, development, and creation, core content execution, and social media and online community development and outreach. Michael has helped to launch new products, enable sales teams, influence influencers, and grow web site traffic, prospects, leads, and positive perceptions for companies large and small. He also enjoys cooking, eating, traveling, and singing.